Setting up IP/location restriction for OneDrive

Dave Oanzon 0 Reputation points
2024-06-30T23:18:00.78+00:00

Good day, I'm just new to all the Intune/Entra ID setting up of security and policy for our corporate business. Basically I manage around 10 Dell micros, 2 corporate laptops and 2 managers' laptops, including mine. I've been having difficulties with one conditional policy. It's the Location/IP restriction policy under Entra ID P2, which I am now on for a trial period. I'm confused, it is hard for me to deploy it, and I'm afraid of locking myself out as admin. I just want to create this policy right because our boss wants every employee not to access OneDrive outside the company. I've been reading a lot of articles about it and am still having difficulty deciding to deploy it. I've already deployed some security policies on all computers and it's been working fine, with all computers in "compliant" status green. What I want to achieve is how to do the IP/location restriction right for Office 365 OneDrive. I am confused about which IP I am going to put into the policy box. Is it the public IP? Am I only going to put one IP address? How should I start? Or do I first need to identify the location before doing this setting? I just need a guide on how; it would be much appreciated if someone would lead me. Also, I'm doing this Conditional Access policy in the Intune admin portal. Thank you.

OneDrive
Microsoft Intune

1 answer

  1. ZhoumingDuan-MSFT 10,580 Reputation points Microsoft Vendor
    2024-07-01T02:37:16.1966667+00:00

    @Dave Oanzon, Thanks for posting in Q&A.

    Could you please confirm for us that "your boss wants every employee not to access OneDrive outside the company" means that your boss wants employees to access OneDrive only in the company and from no other location? If yes, we can create a Conditional Access policy with a network restriction. You can configure the corporate IPs as a trusted location and select it in the Network section under the Conditional Access policy; then devices can access OneDrive only in the company.

    Here is a link you can refer to.

    https://video2.skills-academy.com/en-us/entra/identity/conditional-access/concept-assignment-network#all-compliant-network-locations

    Hope it will help.

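
The setup described in the answer above, as an added example that is not part of the original thread: a trusted named location for the office's public IP range, plus a Conditional Access policy that blocks OneDrive from anywhere else, created in report-only mode with an emergency admin account excluded so the admin cannot be locked out. Conditional Access evaluates the public IP address a sign-in arrives from, so the range is the office's internet-facing address, not internal LAN addresses. The example assumes the Microsoft Graph PowerShell SDK; the CIDR range, display names and the emergency account object ID are constructed placeholders.

```powershell
# Added example, not from the thread. Requires the Microsoft.Graph module.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All','Application.Read.All'

# Constructed placeholder values: replace with your own.
$officeCidrs      = @('203.0.113.0/24')                       # office public egress range(s)
$breakGlassUserId = '00000000-0000-0000-0000-000000000000'    # emergency admin object ID

# 1. Named location that holds the corporate public IP ranges, marked trusted.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'Corporate office'
    isTrusted     = $true
    ipRanges      = @($officeCidrs | ForEach-Object {
        @{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = $_ }
    })
}

# 2. Policy: block the app from all locations except the named location.
#    The app ID is Office 365 SharePoint Online, which also governs OneDrive.
$policy = New-MgIdentityConditionalAccessPolicy -BodyParameter @{
    displayName = 'Block OneDrive outside corporate office'
    state       = 'enabledForReportingButNotEnforced'   # report-only, nothing is blocked yet
    conditions  = @{
        users        = @{
            includeUsers = @('All')
            excludeUsers = @($breakGlassUserId)          # lockout protection
        }
        applications = @{
            includeApplications = @('00000003-0000-0ff1-ce00-000000000000')
        }
        locations    = @{
            includeLocations = @('All')
            excludeLocations = @($location.Id)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('block')
    }
}

# Show what was created so it can be checked in the portal.
$policy | Select-Object Id, DisplayName, State
```

While the policy is in report-only mode, the sign-in logs show which sign-ins it would have blocked; change `state` to `enabled` only after in-office sign-ins show as unaffected.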